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7/7/1 (Item 1 from file: 2) 

DIALOG (R) File 2 : INSPEC 

(c) 2003 Institution of Electrical Engineers. All rts. reserv. 
6704745 

Title: Dealing with the threat of hacker attack 

Author (s): Hayday, J. 

Journal: Business Continuity vol.8, no. 3 p. 34 
Publisher: Continuity Publishing, 

Publication Date: Summer 2000 Country of Publication: UK 

CODEN: BSCNEM ISSN: 1353-601X 

SICI: 1353-60 IX (200022) 8:3L.34 : DWTH; 1-G 

Material Identity Number: B340-2000-003 

Language: English Document Type: Journal Paper (JP) 


Treatment : Practical ( P) 

Abstract: While it is impossible to eliminate all risk, Internet 
Security Systems recommends ten steps to take before the organisation's 
network comes under attack: (a) Appoint a team to take responsibility for 
implementing an emergency response plan; (b) Ensure that the emergency 
response team has the ear of senior management and has the necessary 
technical skills to deal with common security threats; (c) Consider 
outsourcing from a company offering emergency response services; (d) 
Conduct an audit of critical business systems to identify possible 
vulnerabilities; (e) Take appropriate action to mitigate any easily 
identified risks; (f) Ensure that security assessment exercises include the 
identification of any dependencies and determine what their level of 
protection is; (g) Test the network design for resilience to security 
threats; (h) Take action to mitigate any risks that are discovered: (i) 
Send syslog information from routers to an analysis machine to examine for 
evidence of an attack; and (j) Keep information of the latest threats and 
vulnerabilities and Internet security issues in general. (0 Refs) 

Subfile: D 

Copyright 2000, IEE 


7/7/2 (Item 1 from file: 95) 

DIALOG (R) File 95 : TEME-Technology & Management 
(c) 2003 FIZ TECHNIK. All rts. reserv. 

01508531 20010400301 

Attackenabwehr fuer Unternehmensnetze 

anonym 

Information Week, v61, n7, pp68, 70-71, 2001 
Document type: journal article Language: German 
Record type: Abstract 
ISSN: 1436-0829 

ABSTRACT : 

Besonders Extranets und die zunehmende geschaef tliche Nutzung des Internets 
fuehren dazu, dass Unternehmen Verbindungen durch ihre Firewall zulassen 
muessen. Die so entstehenden Sicherheitsrisiken werden durch 
Intrusion-Detection-Systeme (IDS) gemindert. Ihre Aufgabe ist es Attacken 
zu erkennen, Angriffe auszuwerten, ihre Ursache ausfindig zu machen und bei 
Bedarf Alarm auszuloesen. Derzeit werden host- und net zwerkbasierte Systeme 
angeboten. Bei den Sicherheitsverantwortlichen stehen ID-Systeme hoch im 
Kurs - bei Anwendern nicht. Es ist recht schwierig sie richtig zu 
konfigurieren. Wenn das Tool zu eng ausgelegt wird, koennen einige Attacken 
unbemerkt durchschluepfen. Im umgekehrten Fall muss sich der Administrator 
permanent mit einer grossen Anzahl von Log-Files befassen, von denen viele 
letztlich nicht relevant sind. Die Gartner Group sieht deshalb ein grosses 
Potential fuer Managed IDS. Die Firma Internet Security Systems (ISS) 
arbeitet schon seit langem an diesen Produkten und hat es mit Real Secure 
3.0 geschafft, Host- und Netzwerk-basierte Loesungen zusammenzubringen . Auf 
Managed Security Services hat man sich zudem spezialisiert . ISS 
bietet Anwendern die Moeglichkeit IDS komplett oder nur teilweise zu 
uebernehmen, je nach Wunsch des Kunden. Konkurrenten von ISS wie z.B. 
Cisco, CA, Symantec, Network Associates sowie Network ICE und ihre Produkte 
werden im Beitrag ebenfalls kurz angesprochen . 


7/7/3 (Item 1 from file: 111) 

DIALOG (R) File 111:TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 


07405992 


Supplier Number: 80155179 


Riptech Joins the Cisco Awid Partner Program; Riptech ' s Real-Time 
Managed Security Services Meet Cisco AWID Program Requirements for 
Interoperability . 

Business Wire, 2465 
Nov 19, 2001 


7/7/4 (Item 2 from file: 111) 

DIALOG (R) File 111:TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

07389024 Supplier Number: 79860905 

Counterpane Internet Security, Inc. Joins Cisco AWID Partner Program; 
Counterpane f s Managed Security Monitoring Service Meets Cisco 
AWID Program Requirements for Interoperability. 

Business Wire, 0410 
Nov 8, 2001 


7/7/5 (Item 3 from file: 111) 

DIALOG (R) File 111:TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

07298100 Supplier Number: 78470813 

Internet Security Systems Pledges Financial Donation, Security 
Software and Managed Security Services to Aid in Disaster Relief. 

PR Newswire, NA 
Sept 21, 2001 


7/7/6 (Item 4 from file: 111) 

DIALOG (R) File 111:TGG Nat 1 . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

07202480 Supplier Number: 76750014 

Riptech Further Expands Management Team Amid Strong Demand for Real-Time 

Managed Security Services . 
Business Wire, 2276 
July 25, 2001 


7/7/7 (Item 5 from file: 111) 

DIALOG (R) File 111:TGG Nat 1 . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

07184160 Supplier Number: 76552642 

Enspherics Selects Riptech to Provide Real-Time Managed Security 

Services . 
Business Wire, 2533 
July 16, 2001 


7/7/8 (Item 6 from file: 111) 

DIALOG (R) File 111:TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

07179845 Supplier Number: 76492229 

Enterasys Networks Selects Riptech to Provide Real-Time Managed 

Security Services to Customers. 
Business Wire, 2521 


July 12, 2001 


7/7/9 (Item 7 from file: 111) 

DIALOG (R) File 111:TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

07179155 Supplier Number: 76488762 

Riptech Reports Best-Ever Financial Results for Second Quarter Amid 
Strong Demand for Managed Security Services . 
Business Wire, 2326 
July 12, 2001 


7/7/10 (Item 8 from file: 111) 

DIALOG (R) File 111:TGG Nat 1 . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

07124664 Supplier Number: 75274068 

Internet Security Systems and NTT Communications Sign Agreement To 
Deliver Managed Security Services in Japan. 
PR Newswire, NA 
June 5, 2001 


7/7/11 (Item 9 from file: 111) 

DIALOG (R) File 111 : TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06980860 Supplier Number: 74284432 

METASeS Partners With Riptech to Offer Managed Security Services . 
Business Wire, 2254 
May 8, 2001 


7/7/12 (Item 10 from file: 111) 

DIALOG (R) File 111: TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06957654 Supplier Number: 73528683 

Counterpane Internet Security, Inc. Complements its Managed Security 
Monitoring Services Offering Through its Acquisition of Security Design 
International , Inc . 

Business Wire, 2371 
April 23, 2001 


7/7/13 (Item 11 from file: 111) 

DIALOG (R) File 111: TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06937355 Supplier Number: 73017117 

Riptech Teams With Equinix to Provide Managed Security Services 
Within Equinix IBX Centers. 

Business Wire, 0364 
April 10, 2001 


7/7/14 (Item 12 from file: 111) 

DIALOG (R) File 111: TGG Natl . Newspaper Index (SM) 


(c) 2003 The Gale Group. All rts. reserv. 


06934811 Supplier Number: 72949778 

Riptech Announces Strategic Alliance With AIG eBusiness Risk Solutions to 
Provide 24x7 Managed Security Services . 
Business Wire, 2184 
April 9, 2001 


7/7/15 (Item 13 from file: 111) 

DIALOG (R) File 111:TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06922752 Supplier Number: 72584431 

Lockheed Martin and Riptech Announce Strategic Alliance to Offer Managed 

Security Services . 
Business Wire, 2178 
April 2, 2001 


7/7/16 (Item 14 from file: 111) 

DIALOG (R) File 111:TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06914792 Supplier Number: 72325116 

Counterpane ! s Market Expansion Accelerates as More Businesses Subscribe 
to Their Managed Security Monitoring Service . 
Business Wire, 0189 
March 27, 2001 


7/7/17 (Item 15 from file: 111) 

DIALOG(R) File 111:TGG Natl . Newspaper Index(SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06847475 Supplier Number: 71554998 

Riptech Introduces Partner Program to Support Explosive Demand for 24X7 

Managed Security Services . 
Business Wire, 2136 
March 12, 2001 


7/7/18 (Item 16 from file: 111) 

DIALOG(R) File 111:TGG Natl . Newspaper Index(SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06836001 Supplier Number: 71183683 

Counterpane Internet Security Adds Key Customers for Its Managed 
Security Monitoring Service . 
Business Wire, 0207 
March 5, 2001 


7/7/19 (Item 17 from file: 111) 

DIALOG(R) File 111:TGG Natl . Newspaper Index(SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06797743 Supplier Number: 70356087 

Counterpane Internet Security Signs NetCertainty and OpenReach for Its 
Managed Security Monitoring Service ; Web Development Tool and 


Service Companies Rely On Counterpane . 
Business Wire, 0307 
Feb 12, 2001 


7/7/20 (Item 18 from file: 111) 

DIALOG (R) File 111:TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06779304 Supplier Number: 69704393 

NetScreen and Riptech Announce Partnership to Offer High-bandwidth 24X7 

Managed Security Services . 
Business Wire, 0216 
Jan 30, 2001 


7/7/21 (Item 19 from file: 111) 

DIALOG(R) File 111:TGG Natl . Newspaper Index(SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06761757 Supplier Number: 69373571 

Riptech Announces Partnership to Provide Yipes 1 Customers With 24x7 

Managed Security Services . 
Business Wire, 2438 
Jan 22, 2001 


7/7/22 (Item 20 from file: 111) 

DIALOG (R) File 111:TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06634558 Supplier Number: 66623324 

Internet Security Systems and NOCpulse Join Forces to Deliver 

Managed Security Services . 
PR Newswire, 1317 
Nov 6, 2000 


7/7/23 (Item 21 from file: 111) 

DIALOG(R) File lllrTGG Natl . Newspaper Index(SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06588883 Supplier Number: 66099883 

Internet Security Systems and Log On America Team Up To Provide 
Managed Security Services . 
PR Newswire, NA 
Oct 16, 2000 


7/7/24 (Item 22 from file: 111) 

DIALOG (R) File 111:TGG Nat 1 . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06587770 Supplier Number: 66096413 

Internet Security Systems and HiFive.net Partner to Deliver 
Industry-Leading Managed Security Services to Small and Midsize 
Enterprises Through IT Service Partners. 

PR Newswire, 5865 
Oct 16, 2000 


7/7/25 (Item 23 from file: 111) 

DIALOG (R) File 111 : TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06587769 Supplier Number: 66096412 

Internet Security Systems Announces Nine New Partnerships, Cements 
No. 1 Position in Managed Security Services . 
PR Newswire, 5864 
Oct 16, 2000 


7/7/26 (Item 24 from file: 111) 

DIALOG (R) File 111: TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06587768 Supplier Number: 66096411 

Internet Security Systems and The Sutherland Group Team Up to Provide 

Managed Security Services . 
PR Newswire, 5863 
Oct 16, 2000 


7/7/27 (Item 25 from file: 111) 

DIALOG (R) File 111: TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06587766 Supplier Number: 66096409 

Internet Security Systems and PricewaterhouseCoopers Team to Deliver 
Managed Security Services World-Wide. 
PR Newswire, 5861 
Oct 16, 2000 


7/7/28 (Item 26 from file: 111) 

DIALOG (R) File 111: TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06587765 Supplier Number: 66096408 

Internet Security Systems and SevenSpace Team Up to Provide Managed 
Security Services . 
PR Newswire, 5860 
Oct 16, 2000 


7/7/29 (Item 27 from file: 111) 

DIALOG (R) File 111: TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06587764 Supplier Number: 66096407 

Lucent Technologies and Internet Security Systems to Provide Managed 
Security Services to Emerging Class of 1 CyberCarriers 1 . 

PR Newswire, NA 
Oct 16, 2000 


7/7/30 (Item 28 from file: 111) 

DIALOG (R) File 111: TGG Nat 1 . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 


06587763 Supplier Number: 66096406 

Internet Security Systems and Computacenter Form an Alliance to 
Launch a New Enterprise Wide Managed Security Service . 
PR Newswire, 5858 
Oct 16, 2000 


7/7/31 (Item 29 from file: 111) 

DIALOG (R) File 111:TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06520613 Supplier Number: 65126500 

Cyber Safe Corporation and Counterpane Internet Security Form Strategic 

Managed Security Services Partnership. 
Business Wire, 2156 
Sept 11, 2000 


7/7/32 (Item 30 from file: 111) 

DIALOG (R) File 111:TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06489195 Supplier Number: 64449258 

Dimension Data Partners With Internet Security Systems to Offer 

Managed Security Services . 
PR Newswire, NA 
August 22, 2000 


7/7/33 (Item 31 from file: 111) 

DIALOG(R) File 111:TGG Natl . Newspaper Index(SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06432417 Supplier Number: 58937935 

RAD GUARD Partners With RIPTech to Provide Secure Outsourced VPN 
Services . 

Business Wire, 0413 
Jan 25, 2000 


7/7/34 (Item 32 from file: 111) 

DIALOG (R) File 111:TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06420401 Supplier Number: 63518535 

GE Medical Systems ASP Solution to be Monitored By Internet Security 

Systems 1 Managed Security Services . 
PR Newswire, 0880 
July 18, 2000 


7/7/35 (Item 33 from file: 111) 

DIALOG(R) File 111:TGG Natl . Newspaper Index(SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06380526 Supplier Number: 62862241 

Internet Initiative Japan Chooses Check Point Software for Managed 

Security Service Offering. 
Business Wire, 0483 
June 22, 2000 


7/7/36 (Item 34 from file: 111) 

DIALOG (R) File 111:TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06376202 Supplier Number: 62825004 

Inflow Chooses Check Point's SiteManager-1 for Managed Security 

Service Offering. 
Business Wire, 0182 
June 20, 2000 


7/7/37 (Item 35 from file: 111) 

DIALOG (R) File 111:TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06282044 Supplier Number: 61797517 

Com Tech and Internet Security Systems Deliver Australia's First 24x7 

Managed Security Service . 
PR Newswire, NA 
April 5, 2000 


7/7/38 (Item 36 from file: 111) 

DIALOG (R) File 111:TGG Natl . Newspaper Index (SM) 
(c) 2003 The Gale Group. All rts. reserv. 

06200651 Supplier Number: 60004112 

Telecom Italia Chooses Check Point Software Technologies for Managed 

Network Security Services . 
Business Wire, 0041 
March 8, 2000 


7/7/39 (Item 1 from file: 233) 

DIALOG (R) File 233: Internet & Personal Comp. Abs . 
(c) 2003 Info. Today Inc. All rts. reserv. 

00651836 01NC12-109 

What it takes to survive a walk on the vendor side — Corporate profiles 

Barney, Doug 

Network Computing , December 17, 2001 , vl2 n26 p87-91, 5 Page(s) 
ISSN: 1046-4468 

Profiles seven information technology (IT) vendor companies that have a 
fighting chance of surviving the year 2002 in light of the fact that IT 
budgets were reduced, venture funding dried up, carriers stopped investing 
in build-outs, and dot-com companies collapsed in 2001. Names the vendors: 
Linux vendor Red Hat Software Inc.; Internet core router vendor Juniper 
Networks; billing software vendor Apogee Networks of Saddlebrook, NJ; 
carrier and service provider Broadwing; optical networking products vendor 
Sycamore Networks; wireless local area network (WLAN) provider SMC 
Networks; and managed security service provider Riptech of 

Alexandria, VA. Says their strategies for surviving 2002 include sitting on 
cash to outlast the downturn, designing new technologies and networks, and 
recrafting sales and financing arrangements. Includes seven photos. (MEM) 


7/7/40 (Item 2 from file: 233) 

DIALOG (R) File 233: Internet & Personal Comp. Abs. 


(c) 2003 Info. Today Inc. All rts. reserv. 


00636692 01WK07-205 

Security's best friend? — Companies are outsourcing IT security to 
cut costs of around-the-clock surveillance. But some doubt the risk is 
worth. . . 

Hulme, George V 

Information Week , July 16, 2001 , n846 p38-44, 5 Page(s) 
ISSN: 8750-6874 

Discusses trend in which the option of outsourcing information 
technology (IT) security has emerged as a legitimate choice for many 
companies. Reports that although managed security services providers 
(MSSPs) initially appealed mostly to smaller companies that lack the budget 
for sophisticated security technology or sizable security staffs, large 
companies are giving them a closer look. Explains that Internet Security 

Systems Inc. (ISS) is the largest independent MSSP with $195 million in 
2000 revenue. Mentions three reasons why large firms are turning to MSSPs: 
financial savings, staffing shortages, and the difficulty of keeping up 
with the latest security threats. Says that although outsourced managed 
security has not proved its worth to most major companies, the health care 
industry may provide a test bed because several factors are coalescing to 
make security and cost-cutting high priorities. Includes a table, two 
sidebars, and two photos. (MEM) 
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Plugging holes in security — ISS 1 Chris Klaus sees need for more 
safeguards, sketches company's plans for managed services 

Fisher, Dennis 

eWeek , June 18, 2001 , vl8 n24 p22, 1 Page(s) 
ISSN: 0740-1604 

Company Name: Internet Security Systems 

Presents an interview with Chris Klaus, chief technology officer of 
Internet Security Systems Inc. (ISS) of Atlanta, GA. Indicates that 

ISS 1 Internet Scanner was the first widely available vulnerability 
assessment tool. Discusses ISS 1 foray into managed security services . 
Cites the security issues in the IEEE 802.11 wireless local area network 
(WLAN) protocol. Reports that most companies have not thought about 
security to the extent that they should, despite the high level of 
publicity around denial-of-service (DoS) attacks and viruses. Says that 
companies need to work with their Internet service providers (ISPs) to 
develop a response plan for DoS attacks. Mentions the enterprise need for 
managed security services . Explains the plan to combine intrusion 

detection and vulnerability assessment tools into one service. Includes a 
photo. (MEM) 
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00624123 01EW03-201 

Custom-fit security apps — Managed security goes proactive 

Fisher, Dennis 

eWeek , March 19, 2001 , vl8 nil pi, 21, 2 Page(s) 
ISSN: 0740-1604 


Company Name: Ubizen; Counterpane Internet Security; Netsec 
Cites prediction that managed security services will come of age 
in 2001, evolving from one-size-fits-all services into unique offerings 
tailored to the individual customer. Reports that Belgium-based Ubizen, San 
Jose, CA-based Counterpane Internet Security Inc., and Herndon, VA-based 
Netsec are trying to change managed security from a strictly reactive 
discipline to a predictive and proactive field. Says that these companies 
are concentrating on gathering realtime intelligence on attacks, 
vulnerabilities, and exploits with data mining and artificial intelligence 
techniques. Explains that services blossomed in 2000 when companies faced a 
shortage of trained security personnel at the same time that attacks 
against networks hit new heights. Includes a chart. (MEM) 
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Security takes front seat — Riptech leads trend of managed security 
for 24 x 7 protection 

Savage, Marcia 

Computer Reseller News , January 8, 2001 , n927 p41-42, 2 Page{s) 
ISSN: 0893-8377 
Company Name : RIPTech 

Profiles emerging company RIPTech , a security monitoring and 
professional services firm based in Alexandria, VA. Reports that its 
eSentry round-the-clock monitoring service is targeted at large and 
mid-size enterprises. Cites the professional credentials of founders Elad 
Yoran, Amit Yoran, and Tim Belcher. Says that RIPTech 's goal is to 
develop partnerships with service providers, large systems integrators, and 
consultants. Mentions that network security firm Patriot Technologies of 
Frederick, MD, has chosen to partner with RIPTech because the latter had 
the most competitive pricing, comprehensive service, the ability to 
customize a deal for a customer, and the best profit opportunity for its 
partners. Presents the International Data Corp. 's prediction that the 
market for security consulting, implementation, management, and training 
services will reach $8.2 billion in the next several years. Includes a 
photo. (MEM) 
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Users inch to security outsourcers — Attacks on Microsoft, Mafiaboy 
anniversary reinforce need for protection 

Fonseca, Brian; Harreld, Heather 

InfoWorld , January 29, 2001 , v23 n5 plO, 1 Page(s) 
ISSN: 0199-6649 

Reports that companies are increasingly moving to outsourced 
management security services (MSS) for protection in the wake of the 
massive distributed denial-of-service (DDoS) attack on major Web sites last 
year. Enumerates the various levels of defense: authentication, firewall, 
secure operating system, intrusion detection system, virus scanning, 
content inspection, secure hosting, secure electronic commerce, public key 
infrastructure, Web site application security, enterprise security, 
dedicated securit consultants, security intelligence services, e-risk 
manageme Web site security certification. Describes the offerings of 


OneSecure, Arbor Networks, SonicWall, Internet Security Systems 

(ISS), and RipTech . Includes two sidebars and a photo. (MEM) 


7/7/45 (Item 7 from file: 233) 

DIALOG (R) File 233: Internet & Personal Comp. Abs . 
(c) 2003 Info. Today Inc. All rts. reserv. 

00614811 00IK11-119 

Security first for Visa — The company upgrades fraud efforts as 
merchant concern rises 

Yasin, Rutrell 

InternetWeek , November 13, 2000 , n837 p35, 1 Page(s) 
ISSN: 0746-8121 

Company Name: Visa USA; Internet Security Systems 

Reports that credit card company Visa USA has accelerated efforts to 
ensure the safety of its online transactions, in response to the increase 
in online fraud incidents. Says that the additions to the Visa Secure 
Commerce program are a payer authentication service and an alliance with 
Internet Security Systems (ISS), a supplier of intrusion-detection 

software and provider of managed security services . Mentions that 
Visa and ISS will begin an electronic compliance-monitoring pilot to ensure 
that merchants are running secure Web sites. Indicates that participating 
merchants will volunteer for mock attempts to compromise their networks and 
databases to ensure the security of their firewalls. Explains the 
activities undertaken by rival credit card company American Expres to 
secure online transactions. Includes a diagram. (MEM) 
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00610539 00EW09-111 

Security, a basic approach — Heads of new ISS division discuss the 
challenges and opportunities in providing security services 

Berinato, Scott 

eWeek , September 11, 2000 , vl7 n37 p42, 1 Page(s) 
ISSN: 0740-1604 

Company Name : Internet Security Systems 

Presents interviews with two executives of Internet Security 
Systems Inc. (ISS) in Atlanta, GA: president and general manager of the 
security services division Mark Hangen and senior vice president of 
marketing Allen Vance. Says that with its 1999 acquisition of Netrex Secure 
Solutions, ISS formed the foundation of its new security services division. 
Cites ISS 1 adoption of a basic approach toward enterprise security and 
managed security services . Mentions that security is moving 

mainstream and getting more mass-market-oriented, resulting in the level of 
expertise and management costs going outside the realm of many budgets. 
Explains the similarities between security services and manufacturing. 
Indicates a focus on selling wholesale to other service providers. Includes 
a photo. (MEM) 
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Maximum security — Internet Security strives to break free from the 


pack with managed services mantra 

Savage, Marcia; Dunlap, Charlotte 

Computer Reseller News , June 12, 2000 , n898 p76-80, 4 Page(s) 
ISSN: 0893-8377 

Company Name: Internet Security Systems ; RSA Security; Verisign; 
Network Associates; Check Point Software Technologies 

Profiles Atlanta, GA-based Internet Security Systems , recipient of 
^Computer Reseller News 11 magazine's E-Star Awards in the Internet 
security category. Reports that it is expanding its reach through managed 

security services in partnership with telecommunications firms and 

service providers. Says that its key technologies are the Internet Scanner 
intrusion-detection software and the RealSecure integrated network and 
host-based intrusion-detection and intrusion-response system. Points out 
that the firm's research team X-Force provides a key source of information 
on new viruses and other security risks. Cites four standouts in the 
category: Israel-based Check Point Software Technologies Ltd., Santa Clar 
CA-based Network Associates Inc., Bedford, MA-based RSA Security Inc., and 
Mountain View, CA-based Verisign Inc. Includes two photos. (MEM) 
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Human element is key to stopping hackers — Intrusion-detection services 
proliferate as attacks become more frequent and dam aging 

Higgins, Kelly Jackson 

Information Week , May 29, 2000 , n788 pl64-173, 5 Page(s) 
ISSN: 8750-6874 

Company Name: DefendNet; IBM Corp.; Internet Security Systems ; 
Pilot Network Services; RIPTech 

Reports that most security providers package intrusion detection as part 
of a suite of managed security offerings that also include firewalls, 
vulnerability assessment and, in some cases, secure virtual private 
networks. Cites companies offering these services include DefendNet, IBM 
Global Services, Internet Security Systems , Pilot Network Services, 
and RIPTech . States that intrusion detection tools work much like an 
antivirus package and sensors look for known x s signatures 1 ' or potential 
hacker tools and footprints, and notify the main intrusion-detection server 
if it finds any. Adds that the server then sends out an alarm and records 
all these events locally in a log that can be relayed to a relational 
database to track trends and generate reports. According to ICSA, a 
security consulting firm, there were four times as many hacker attacks a 
day in North America in 2000 than in 1999. Contains two photo and one 
sidebar, (sps) 
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Security needs spawn services 

Messmer, Ellen 

Network World , April 3, 2000 , vl7 nl4 pi, 100, 2 Page(s) 
ISSN: 0887-7661 

Company Name: Internet Security Systems ; Counterpane Internet 
Security; Pilot Network Services 

URL: http: //www . iss . net http: //www. counterpane . com 


Reports that application service providers (ASPs) Internet Security 
Systems (ISS) , Pilot Network Services, and Counterpane Internet 
Security have begun offering outsourced intrusion detection services for 
enterprise networks that have neither the time nor the personnel to keep 
the 24-hour-by-seven-day (24x7) vigil that intrusion detection software 
demands. Reports that these providers recognize the unfulfilled requirement 
for outsourced help. Reports that ISS holds 60 percent of the market for 
intrusion-detection software. Explains that the Pilot model requires the 
housing of client equipment at a Pilot data center and private-line 
connectivity to it. Explains that ISS ! s Managed Security Services 
platform enables Internet service providers (ISPs) and telecommunications 
firms to offer managed security services to their customers. Includes 
one photo, one sidebar, and two graphs. (MEM) 
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00546556 99IK09-205 

Lack security staff? Outsource IT 
Yasin, Rutrell 

InternetWeek , September 20, 1999 , n781 p8, 1 Page(s) 
ISSN: 0746-8121 

Reports on the emergence of security services outsourcing in response 
to the shortage of skilled information technology (IT) professionals. Says 
that Network Security Technologies offers 24-hour monitoring of Internet 
service provider networks . Notes that Frontier Communications provides 
antivirus, intrusion detection, virtual private network, and firewall 
functionality. States that Internet Security Systems provides 2 4 -hour 
network monitoring and management. Says that Comdisco provides security 
analysis, planning and management. Presents the possibility that demand for 
such services will increase as companies deploy electronic commerce 
strategies. Reports on an alliance between Network Associates Inc. and 
Frontier Communications. Includes one table. (MEM) 
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Hack attacks drive outsourced security 
Kerstetter, Jim; Madden, John 

PC Week , August 9, 1999 , vl6 n32 pi, 20, 2 Page(s) 
ISSN: 0740-1604 

Company Name: Internet Security Services 

Reports that Internet Security Systems Inc. (ISS) of Atlanta, GA 
has announced that it is providing network security services to Internet 
service providers (ISPs), telecommunications providers, and outsourcing 
companies. Explains that the complexity of network security technology and 
the shortage of skilled people are driving this second layer of 

outsourcing . Notes that hackers broke into one of Cornell University's 
servers and installed a File Transfer Protocol site on the server running a 
database of statistical research material. Says that although security 

outsourcing is not a novel trend, more and more companies are entering 
the market. Explains that ISS sells the software and training to 

outsourcing partners and provides a managed service to ensure that 
partners are properly addressing their customers 1 security needs. Includes 
one graph. (MEM) 
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00495592 98IW05-013 

Digital sentries — We pitted four intrusion-detection solutions against 
our formidable suite of network attacks 

McClure, Stuart; Scambray, Joel 

InfoWorld , May 4, 1998 , v20 nl8 pi, 88, 2 Page(s) 
ISSN: 0199-6649 

Presents a profile on intrusion-detection systems. Says they have been 
touted as the network's answer to the burglar alarm. States that vendors 
have centered around the vx high-tech-security system' 1 analogy, suggesting 
that computer networks need the equivalent of alarms and security cameras 
to deter and keep out intruders. Says IS managers interested in intrusion 
detection will have to weigh the value of the benefits against the dollar 
outlay for a network intrusion detection system. Offers four test solutions 
from four security products, including IBM outsourced solution, Internet 
Security Systems solution, Network Flight Recorder/Anzen solution, and 
Abirnet Solution. Includes two photos and five sidebars. (EB) 


7/7/53 (Item 15 from file: 233) 

DIALOG (R) File 233: Internet & Personal Comp. Abs. 
(c) 2003 Info. Today Inc. All rts. reserv. 

00489781 98IW03-217 

Network security checkup 

Talley, Brooks; Scambray, Joel; Dugan, Sean; Broderick, John 
InfoWorld , March 16, 1998 , v20 nil pi, 54-62, 8 Page(s) 
ISSN: 0199-6649 

Company Name: Axent Technologies; International Network Services; 
Internet Security Systems ; WheelGroup 

URL: http://www.axent.com http://www.ins.com http://www.iss.com 
ht tp : / / www . wheelgroup . com 

Product Name: Enterprise Security Manager 4.4; Internetworking and 
Security Consulting Services; Internet Scanner 5.0 for Windows NT; 
NetSonar 

Presents a special section on network security auditing. Articles 
include: ^The Key to Network Security 1 1 (pi, 54-55) by Brooks Talley 
introducing the section; s ^The Security Threat - Real or Imagined? 11 (p55) 
by Sean Dugan reporting the results of a survey on network security; v v The 
Ins and Outs of a Network Security Audit 1 1 (p56-62) by Joel Scambray 
discussing the steps that should be taken when performing a security audit; 
''Security Hotspots to Watch For 1 1 (p58) by John Broderick discussing 
common and not -so- common places to find holes in a security network; and ' " 
Outsourcing Your Security Problems 11 (p62) by Scambray discussing how 
getting an audit from an outside source is a viable option. Includes one 
photo, two screen displays, two sidebars, one product source guide, and 
three tables. (MKS) 
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06417854 SUPPLIER NUMBER: 72595676 

Verio, Exodus beef up respective security services 


Mears, Jennifer 
Network World, Sec 39, p 44 
May 7, 2001 

ISSN: 0887-7661 NEWSPAPER CODE: NWW 

DOCUMENT TYPE: News; Periodical 

LANGUAGE: English RECORD TYPE: ABSTRACT 

ABSTRACT: Web hosting companies Verio and Exodus have rolled out new 
managed security services in an effort to quell the fears of 
businesses reluctant to outsource because of possible network breaches . 
Exodus is adding managed extranet and other services to its core security 
offerings, while Verio is making its first foray into serious security 
products. Verio is partnering with Riptech to offer its Intellisecurity 
service, which includes real-time, live analysis of suspicious activity and 
security threats. Exodus uses Nokia and Check Point software in its VPN and 
firewall security services, which it is expanding with gateway-to-gateway 
coverage. Exodus has also partnered with Eventual to offer managed extranet 
services, which give companies, their customers and their partners secure 
access to applications via the Web. 
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Last Boom in Town: Demand Still Grows for Online Security 

Schwartz, John 
New York Times, p H.13 
Apr 18, 2001 

ISSN: 0362-4331 NEWSPAPER CODE: NYT 

DOCUMENT TYPE: Feature; Newspaper article 
LANGUAGE: English RECORD TYPE: ABSTRACT 

ABSTRACT: LIKE many people, Aviel D. Rubin recently received an e-mail 
message purporting to offer him a picture of the tennis star Anna 
Kournikova. Mr. Rubin, a computer security researcher at AT&T Labs-Research 
in Florham Park, N.J., knew too much about the risks of rogue software to 
open the attached file, which was in fact a program that would damage the 
recipient's computer and copy itself to everyone on the user's Microsoft 
Outlook address book. It is one of the few segments of the high-technology 
market that is thriving in the midst of widespread dot-com gloom. 11 It's a 
ton of money, 1 1 said Olivia Golden, an analyst at Bear, Stearns in New York 
and co-author of a recent report on security issues. According to Ms. 
Golden, venture capital funds have invested more than $500 million in about 
75 companies over the last year and a half. Another recent report on the 
subject from analysts at the Gartner Group, a technology consulting firm in 
Stamford, Conn., said, 1 ' 1n the last several months, hardly a week has 
passed that has not seen the announcement of an established company that 
expanded its offerings to include managed security services , or of a 
start-up that received funding to do the same. 1 1 Things have become a lot 
tougher, say the believers in managed security services . The number 
of patches has proliferated so wildly that most in-house security 
operations cannot keep up, said Bruce Schneier, the founder of Counterpane 

Internet Security Inc., a security services company in San Jose, Calif. 
Examples of new rogue software like the 1 1 Love Bug 11 and ' 'Melissa 1 ' have 
complicated life for security teams. And attacks like ''distributed denial 
of service, ' ' which last year temporarily blocked access to Yahoo, eBay and 
other sites, have made security a more daunting task. 
-> 
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02609871 DOCUMENT TYPE: Company 

Internet Security Systems Inc (ISS) (609871 

6303 Barfield Rd 

Atlanta, GA 30328 United States 
TELEPHONE: (404) 236-2600 

TOLL FREE TELEPHONE NUMBER: (888) 901-7477 
FAX: (404) 236-2626 
HOMEPAGE: http: //www. iss . net 
EMAIL: sales@iss . net 

RECORD TYPE: Directory 

CONTACT: Sales Department 

ORGANIZATION TYPE: Corporation 
EQUITY TYPE: Private 
STATUS: Active 

Internet Security Systems Incorporated (ISS), located in Atlanta, 
Georgia, specializes in the development of a suite of security scanning 
software tools. Its flagship product, Internet Scanner (TM) , was the first 
scanning software of its kind. Internet Scanner learns an organization's 
network and probes each network device for security holes. It is the most 
comprehensive 'attack simulator' available. Other offerings are System 
Scanner (TM) , Database Scanner (TM) , and SafeSuite, which includes the 
RealSecure intrusion detection and response system. In addition, ISS 
provides managed security services , security training, and 
consulting . 

NUMBER OF EMPLOYEES: 30 
SALES: NA 

DATE FOUNDED: 1994 

PERSONNEL: Noonan, Thomas E, Chief Executive Officer; Noonan, Thomas E, 
President; Noonan, Thomas E, Chairperson; Klaus, Christopher W, Chief 
Technology Officer; Macchia, Rich, VP Finance; Macchia, Rich, Chief 
Financial Officer; Walters, Ken, Chief Operating Officer; McCormick, 
Tim, VP Marketing 

REVISION DATE: 20011230 
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00142010 DOCUMENT TYPE: Review 

PRODUCT NAMES: Verisign Access Management System (AMS) (135976); Security 
Management System (125784) ; IBM/VeriSign Solution for Secure eBusiness 
(135992) 

TITLE: To protect and serve: Vendors marry security offerings with. . . 

AUTHOR: Fonseca, Brian 

SOURCE: InfoWorld, v24 n41 p39(2) Oct 14, 2002 
ISSN: 0199-6649 

HOMEPAGE: http : //www. inf oworld. com 

RECORD TYPE: Review 

REVIEW TYPE: Product Analysis 

GRADE: Product Analysis, No Rating 

VeriSign ! s Verisign Access Management Service (AMS), Symantec's Security 
Management System, and IBM/VeriSign 1 s IBM/VeriSign Solution for Secure 
eBusiness are highlighted in a discussion of the efforts of top-tier 
security vendors to create hybrid services with their products as a way to 
eliminate the confusion from security-related problem determination and 
resolution while reducing the number of security-related events. Such 
companies as Internet Security Systems (ISS), Symantec, and 
IBM/Tivoli are homing in on stronger integration and services options, 
familiarity, and global- market reach to sign on new customers. As budgets 
and workforces shrink in IT departments, managed security service 
providers (MSSPs) are becoming more appealing because they are outsourcers 
, and when something goes wrong, can take responsibility for the problem. 
ISS has debuted improvements to its X-Force MIPS (Managed Intrusion 
Protection Service) , which gives customers four options, one of which can 
be chosen, based on suitability for defense and monitoring of a network 
perimeter. Symantec Security Management System integrates with hardware 
from Check Point and Cisco, and provides management applications that 
integrate with third-party security products. AMS provides one Web-based 
console for automating user, role, group, and policy management, while IBM 
Verisign Solution for Secure e-Business Integration integrates internal and 
external applications and supplies digital certificates for authentication, 
digital signing, encryption, and access control. 

REVISION DATE: 20030130 
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00140903 DOCUMENT TYPE: Review 

PRODUCT NAMES: MSSP ( Managed Security Service Providers) (845701 

TITLE: Security at your service: IT managers look to MSSPs for. . . 

AUTHOR: Fonseca, Brian 

SOURCE: InfoWorld, v24 n34 p37(2) Aug 26, 2002 
ISSN: 0199-6649 

HOMEPAGE: http : //www . inf oworld. com 


RECORD TYPE: Review 


REVIEW TYPE: Product Analysis 
GRADE: Product Analysis, No Rating 

As the cost of internal security expertise continues to rise, IT managers 
are turning to managed security service providers (MSSPs) to provide 
the manageability and expertise required to secure their networks. An IS 
officer for a mining company, who was reluctant to outsource , says 
processes and controls deployed proved to be less frightening than 
expected. The company hired, Guardent, manages firewalls over different 
time zones and provides intrusion detection system services at the mining 
company's seven global sites in the U.S., South America, Indonesia, and 
Asia. The mining company decided to retain control over lighter duty 
antivirus and content filtering security products already deployed at 
larger sites. Various market pressures mean that MSSPs have to work herder 
to provide the best security services. Symantec has acquired MSSP Riptech 
as a way to add to Symantec's managed services, which has set the market on 
edge in another consolidation. However, an analyst says Symantec could have 
problem combining products and services, and will have to convince 
customers they have the expertise needed. MSSPs can assist with 
scalability, monitoring, managing, and keeping firewalls current. IDS is 
also important to companies that need to tweak, investigate, and respond to 
alerts . 

REVISION DATE: 20021130 
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PRODUCT NAMES: Company — Symantec Corp (850373); 

Company--SecurityFocus.com (877841); Company — RippleTech Inc (877646) 

TITLE: Symantec buying binge plugs gaps 

AUTHOR: Yasin, Rutrell 

SOURCE: Federal Computer Week, vl6 n26 p24(l) Jul 29, 2002 

ISSN: 0893-052X 

HOMEPAGE: http: //www. few. com 

RECORD TYPE: Review 
REVIEW TYPE: Company 

Symantec has purchased CyberWolf Technologies for its security management 
products; SecurityFocus for threat management; Recourse Technologies for 
network intrusion detection; and Rippletech for managed security 
services . The acquisitions are meant to make Symantec a one-stop-shopping 
outlet for enterprise security products. Various client and server 
security, content management, firewall, and virtual private network (VPN) 
technology products are available from Symantec. Symantec has been weakest 
in the network intrusion detection area, but Recourse Technologies; ManHunt 
uses anomaly-based detection and advance protocol monitoring to home in on 
possible intrusions, even in high-speed gigabit networks. Anomaly-based 
detection systems search for aberrations in network traffic, in contrast to 
systems that look for preset rules or attack signatures to identify 
malicious traffic. For instance, says a spokesperson for Raytheon, ManHunt 
could be used immediately, and analyst say ManHunt can be used with 
Symantec's server-based detection product, Intruder Alert. Recourse's 
technology will bolster the firm's ability to offer managed security 


services to mid- sized companies and agencies, and RipTech 's Calterian 
technology provides 24x7 network monitoring, analysis, and response. 
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TITLE : Symantec buys three security firms 

AUTHOR: Messmer, Ellen 

SOURCE: Network World, vl9 n29 pl0(l) Jul 22, 2002 
ISSN: 0887-7661 

HOMEPAGE: http: //www. nwf usion. com 

RECORD TYPE: Review 
REVIEW TYPE: Company 

Symantec has been on a buying spree, having acquired security vendors 
Recourse Technologies, RippleTech, and SecurityFocus, companies that will 
provide key core technologies and many new customers. The deals could also 
create some consternation for current customers as Symantec proceeds to 
integrate the acquisition into its product lineup. Symantec purchased 
Recourse to obtain its ManHunt intrusion detection system, which is used by 
about 150 customers, including Ingram-Micro and the U.S. Department of 
Energy to preempt network- based attacks. ManHunt differs from other 
products by using anomaly detection to flag unusual or suspicious events 
rather than IDS signatures that must often be updated. Sybase will halt 
development of its own NetProwler network-based IDS, which did not get 
sufficient market share or do well in IDS testing. CEO John Thompson of 
Symantec says ManHunt is stronger than NetProwler and also better than 
competitors tools. Riptech is a managed security services with 500 
customers, and brings with it the Calterian monitoring system, which 
gathers input from firewalls and IDS from various vendors. SecurityFocus 
provides a service bureau that sends security alerts on new threats and 
analysis that should bolster's Symantec's. 
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Network security experts are hard to come by and have a high turnover rate. 
As a result, many companies are looking to their service providers for 
long-term help in the area of security. Several companies, including SBC 
Communications and WorldCom, have answered that call by rolling out new 
managed security services . BellSouth and Verisign are also adding 
services to existing managed security offerings, and Sprint is now offering 
security consulting services. The outsourcing trend reflects the fact 
that few companies have the level of expertise in-house or the resources to 
adequately address security issues. BellSouth is working with Internet 
Security Systems (ISS) to add a subscription-based scanning and 
reporting service. WorldCom is also working with ISS to add intrusion 
monitoring, remote scanning, virus protection, and emergency response 
services. There is likely to be more partnerships and consolidation in the 
managed security area in the future. 
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Internet Security Systems 1 RealSecureSiteProtector, NetIQ ! s Security 
Manager, and OpenService 1 s SystemWatch for UNIX and Windows NT can provide 
central management of security applications and data. From a central 
console in SiteProtector , RealSecureSiteProtector manages the vendor's 
security applications, including desktop firewall and host- and 
network-based intrusion detection systems. SiteProtector allows IT managers 
to consolidate and correlate security events, says a spokesperson for 
Internet Security Systems . NetlQ Security Manager is used by Paul, 
Hastings, Janofsky, & Walker, a law firm, to augment security. The software 
allows users to capture, correlate, and manage security events from a 
single console, saving time and providing powerful security protection by 
showing a higher- level view of security activity across the network. 
OpenService 1 s SystemWatch helps Danzas Group improve dependability of over 
40 firewalls deployed internationally. SystemWatch also helps Danzas get 
more work done without adding more security staff. Symantec also plans to 
integrate its antivirus, intrusion detection, and firewall applications in 
one console, but NetlQ, OpenService, and e-Security have provided such 
centralized solutions for several years. 
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Although some companies are making a commitment to Microsoft .Net Web 
services and similar platforms from IBM or Sun Microsystems, others will 
use xSPs, or various types of outsourced services. Secure service 
providers provide contingency plans and secure connections, platforms, 
applications, access, detection, assessment, and personnel, facilities. 
Other service providers include LOR Management Services, a business service 
provider; Beyond.com and ReleaseNow, which are commerce service providers; 
FileNet and NetContent, which are content service providers; SiteLite and 
Virsage Solutions, which are management service providers (MSPs); and 
Counterpane Internet Security, which provides security services. All these 
services are delivered via Web technologies and allow users to optimize use 
of common standards to lower administration and technical support costs. 
Web services such as Microsoft's, IBM's, and Sun's are still unsupported 
only by the prerelease versions of development tools. An exception is 
Delphi from Borland Software, which provides high-level tools for 
encapsulating and abstracting the intricacies of XML-based data exchange 
and service invocation. Web services are expected to increase enterprise 
application development productivity 30 percent by 2005. 
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Intrusion detection systems (IDSes) and services from Intrusion.com, Cisco 
Systems, CyberSafe, Enterasys, and Riptech are expanding network security 
capabilities. New products correct problems associated with 
first-generation IDS technology. For example, early IDS products created 
immense data logs and often reported false alarms. Now, IDS vendors are 
offering systems administrators powerful management tools, high-speed 
processing, straightforward configuration, and streamlined alerting 
systems. For example, many new products, such as Intrusion . com 1 s SecureNet, 
employ anomaly tracking rather than signature matching processes. Using 
anomaly tracking, an IDS compares network activity to an acceptable 
baseline. Beyond anomaly tracking, products like Cisco Systems' Secure IDS, 
combine software and hardware in one box, eliminating configuration 
problems and providing IT departments with plug-and-play deployments. 
Additionally, IDS products like CyberSafe ! s CentraxICE and Enterasys 
Networks' Dragon correlate traffic data from multiple network sources, 
improving the accuracy of scans. Finally, outsourcing companies like 
Riptech can provide small businesses with affordable IDS services. 
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Outsourcing network security allowed his company to save substantial 
money, says Richard Guetzloff, senior director of enterprise services for 
R.R. Donnelley & Son. Guetzloff explains that he could not find a firewall 
expert for under $100,000 year, while outsourcer Telenisus provides 
network security at approximately the same cost for a period of two years. 
Bose f s spokesperson, CIO Bob Ramrath, had a different reason for 
outsourcing . Bose was doing its own security effectively, but wanted to 
position its network for the future, which 'involved combining Internet 
access, web hosting, extranet development, and VPN services with managed 
security in one outsourcing agreement. 1 Bose hired Genuity, which 
maintains and monitors one firewall at Bose's main office, in addition to 
firewalls protecting Bose 1 s Web servers, which are located in Genuity 
network operations center . An IT network engineer for Health Alliance 
Plan chose to outsource with Internet Security Systems for four 
firewalls. ISS also configured and implemented Checkpoint 4.0 virtual 
private networks (VPNs) to link Health Alliance to customers and a trading 
partner. Health Alliance reduced costs by between $20,000 and $30,000 per 


year, but Hilliard would prefer to have the technology in-house if the 
needed technical expertise were available. 
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According to a recent survey by investment bank Pacific Crest, the managed 
security provider business is poised for a shakeout, with the possibility 
of only a few vendors surviving. Pilot Network Services and Salinas Group 
recently went out of businesses, leaving former customers without services. 
For consolidations, Guardent purchased DefendNet Solutions, and OneSecure 
sold customers to Riptech . Managed security service providers 
(MSSPs) manage and monitor their customers' network components, such as 
antivirus applications and firewalls. MSSPs have proven popular with 
companies wanting to lower security costs. However, business failures have 
left many customers without security services. With such failures, 
investment in MSSPs has become cautious. Additionally, forays into the 
market by established software vendors Symantec and Internet Security 
Systems threaten MSSPs 1 ability to compete in the future. With continued 
shakeouts expected, analysts advise companies to work with multiple MSSPs. 
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Use of e-mail, which is described as 1 shark-infested waters, 1 exposes 
companies to security openings if employees are not sufficiently 
knowledgeable as to how to prevent security breaches, and if network 
infrastructure and weak links have not been analyzed. In addition, 
third-party tools and software should be evaluated for their ability to 
support policy enablement and content management. Issues to be addressed 
include lack of perceive need, lack of interoperability among products, and 
ease of use, especially for encryption. A director of product marketing 
notes that many Visual Basic script-based worms have been unleashed 
recently and caused substantial damage and chaos to systems receiving 
e-mail. He recommends that companies install a layered antivirus solution 
that provides antivirus scanning at the gateway, along with protection 
against viruses on laptops, desktops, or handhelds . Content filtering 
methods are also recommended. Users should be educated, and constant 
awareness programs are required. Suitable security solutions and proactive 
monitoring of alerts and warnings from professional organizations are other 
protective measures. Topics covered include policy development; risks of 
outsourcing e-mail security; wireless, always-on communication threats to 
business firewalls; and other listed issues that are likely to 1 become even 
more troublesome in the future. 1 
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A discussion of the pluses and minuses of outsourcing IT security to 
managed security service providers (MSSPs) explains that MSSPs at 
first appealed primarily to smaller companies with budgets insufficient to 
purchase in-house, advanced security technology. However, larger businesses 
are now considering MSSPs, with one study showing that up to 25 percent of 
companies with over $10 billion in annual sales are using or thinking about 
using MSSPs to provide such security components as firewalls, antivirus 
software, virtual private networks (VPNs), or intrusion detection. 
Nevertheless, in order to command the hearts and minds of IT managers, 
MSSPs will have to convince them that its safe and secure to turn security 
over to outsourcers , MSSPs come in all sizes and provide many types of 
services. New players in the market include OneSecure, while Unisys and 
Internet Security Systems are more experienced providers. MSSPs 1 
guarantees do not generally include a promise of 100 percent reliability, 
so users have to purchase hacker insurance. Most security companies run 
under service-level agreements that emphasize performance. ISS is the 
largest independent MSSP, and says it can set up and monitor security on a 


250-user network on one Tl Internet gateway for approximately $75,000 a 
year. CIBC Works Markets has used ISS for over a year to run 24x7 intrusion 
detection, and services include access to ISS's expertise on the most 
recent intrusions. 
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Elad Yoran, co-founder and CFO of RipTech , a large independent security 
provider, says managed security providers use ! a lot of chewing gum and 
duct tape' that can cause companies more harm than good. Many companies are 
entering the market and many are not able to provide adequate security. 
Managed security service providers (MSSPs) are outsourcers that 
monitor and manage many network components, including firewalls, intrusion 
detection systems (IDSes), antivirus programs, and Web and e-commerce 
servers. Some companies see MSSPs as an economical way to secure systems, 
since companies pay by the month instead of installing expensive internal 
systems. David Gehringer, senior product manager for Mercury Interaction, a 
security testing company, says, ! We have tested (MSSPs) who were supposed 
to have security measures in place for their customers and they didn't. 1 
For instance, one MSSP had a faulty firewall configuration and another 
charged a customer for services not provided. Companies who find themselves 
at the mercy of contracts with such providers have little recourse except a 
complaint to regulators or a law suit. Customers often do not get the 
services they should because of pricing that pulls "in customers but does 
not really pay all the bills for the provider. Guidelines for 'Choosing a 
Security Provider Wisely' are provided. 
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HMO Health Alliance Plan's network manager Ron Hilliard says he resolved 
problems with the company's firewall (which was 'exposed by the very tool 
designed to protect its network') by using a managed security services 
provider (MSSP) . In just weeks, the HMO started to see an improvement from 
the managed firewall and virtual private network (VPN) provided by 
Internet Security Systems . URL-blocking and virus protection services 
were also deployed. Among offerings available from MSSPs are on-site 
consulting, remote perimeter management, product resale, managed security 
monitoring, penetration and vulnerability testing, and compliance 
monitoring. An analyst says the return on investment from outsourcing can 
be very high, and firms can save costs by reducing staff and lowering 
installation and maintenance costs otherwise required to deploy security 
hardware and software internally. Staff can also learn from MSSP providers 
and brainstorm to improve network security. Companies of all sizes are 
seeking a multilayered security implementation, and MSSPs' revenues should 
rise to almost $1.7 billion by 2005 from $140 million in 2000. Among topics 
covered are the need to be careful when hiring a services provider, since 
many 'overstate their capabilities and services;' use of a service provider 
for tactical tasks and temporary improvements; and comparing the cost of 
internally deployed and outsourced services. 
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Ubizen's OnlineGuardian and Sun ! s SEAM are among the newest managed 
security services , which now offer one-of-a-kind, proactive functions 
customized for each user. Ubizen, Counterpane Internet Security, and 
Netsec are all offering tools in the category, and each vendor is 
attempting to build the management security market as a 'predictive and 
proactive field. 1 The companies are providing features for collection of 
real-time intelligence on attacks, vulnerabilities, and exploits. With data 
mining and artificial intelligence techniques, companies will be able to 
predict where problems could show up in a specific customer's network and 
then design a system to defend against them. OnlineGuardian services, for 


instance, includes firewall and virtual private network (VPN) management 
and also gives customers 24x7 intrusion detection and vulnerability 
assessment monitoring services that are becoming a requirement, say 
security administrators. MedContrax will start using OnlineGuardian as a 
way to hand off network security to experts. Ubizen also plans to debut an 
application monitoring service to deal with the growing number of 
application-level attacks afflicting corporations, in addition to a policy 
compliance service. SEAM stores, processes, and classifies event data and 
information from network security devices. 
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ISS's RealSecure and its RealSecure Network Sensor, NAI ' s CyberCop, and 
Counterpane ! s Sentry are highlighted in a discussion of the pluses and 
minuses of outsourced intrusion detection services. Many users are 
starting to consider the advantages of outsourced intrusion detection 
services, which can help companies avoid such problems as lack of time or 
skills available to install and monitor intrusion detection software. For 
instance, a network of five hospitals runs a private Tl network and allows 
doctors to gain access from their homes or offices over a virtual private 
network (VPN) connection. The hospital network contracted with Pilot 
Network Services to provide Internet access, VPN, router, and firewall 
services, as well as antivirus content filtering and intrusion detection. 
Pilot does not monitor the internal network, but the hospital network 
implemented its own internally developed intrusion-detection software on 
key servers to ensure alerting when unauthorized access attempts occur. 
Permitting managed security services to delve into the network is not 
for all companies, since some object to putting tasks that require 
extensive security in the hands of third parties. For instance, Metromedia 
Fiber Network chose not to use managed security, chosing Internet 
Security Systems 1 RealSecure intrusion-detection software for an 
intranet and also deploys staff 24x7 in a data monitoring center. IS also 
provides managed security services and runs data centers in two large 
cities. ISS also plans to add host-based server monitoring, which would 
require users to purchase RealSecure Server Sensor. 
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E-mail services that are also application service providers (ASPs) 
supporting e-commerce companies now provide many value-added services, 
including e-mail content blocking and virus-scanning. For instance, 
customers of Mail.com, which provides those services, are large and small 
companies, including Ford and MBNA Bank. Commtouch, the developer of 
ProntoMail and also an e-mail service provider, is also adding antivirus 
scanning, content filtering, and spam controls to its family of 
e-mail-based services. E-mail, which is a foundational component of 
collaborative workflow, is also being encased in more full-functioned 
collaboration products by e-mail ASPs. For instance, an analyst says 
companies often outsource collaborative applications, including e-mail, 
calendaring, and scheduling, which are commodities. Companies also 
outsource these functions to reduce overall cost of ownership. Mail.com, 
says the analyst, can provide mailboxes through a point of presence or the 
Web for $5 per month per mailbox. In stark contrast, running an in-house 
solution can cost between $80 and $150 per month per user. Among e-mail ASP 
users interviewed is a spokesperson for an international law firm, which 
chose United Messaging, a provider of e-mail hosting and consulting 
services to large and medium-sized companies. United Messaging provides 
Lotus Notes and Microsoft Echoing and also markets RIM messaging services. 
United Messaging will soon offer unified messaging, including e-mail, fax, 
and voice mail. 
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RIPTech , the developer of ESentry remote security services, allows 
managers to reduce the cost of deploying security products by outsourcing 
to an experienced and capable provider. Among RIPTech 's customers are 
HealthQuick. Com and eBSure, and partners are Radguard and Patriot 
Technologies. RIPTech f s target market is the group of small to mid-sized 
companies that cannot justify installation of expensive, advanced, security 
monitors and the salaries of staff needed to analyze the huge amounts of 
data that such systems generate. However, 99 percent of companies do not 
watch their data, says Tim Belcher, CTO and co-founder of RIPTech . 
RIPTech makes available its own security experts via a secure Internet 
link. These professionals analyze suspect data created by security 
services, including firewalls, border routers, and virtual private networks 
(VPNs), installed at customers 1 sites. Data is transported through four 
primary eSentry modules; each is a major component of the security 
management process. Real-time monitoring and management gathers the 
information, while an event-processing engine searches for signs of 
intruders and viruses. An event-tracking module filters data to pinpoint 
possible trouble spots, and a secure portal allows RIPTech ' s analysts to 
send alerts or take emergency corrective action. RIPTech is also a 
security consultant, says one user, and can take over such tasks as sifting 
through security logs for evidence of attempted intrusions/attacks. 
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Espanol.com, Newsweek, and Fremont Bank are some of the many e-businesses 
that are outsourcing their network security. Managing security inhouse is 
time-consuming, labor-intensive, and increasingly expensive as skilled 
security managers are becoming more difficult to find. Espanol.com is using 
GTE for security management, and Newsweek and Fremont Bank are using Pilot 
Network Services. Security is serious business, and as companies add more 
mission-critical applications to the Web, the required security systems are 
going to become more complex, says one analyst. As a result, the market for 
network security services is growing. While there are many security service 
providers, such as AT&T, Pilot Network Services, and Internet Security 
Systems that are stepping up to meet the demand, it is important to know 
the vendor that is hired. Security services can range from network auditing 
to writing and managing security policies. 
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Internet Security Systems 1 (ISS 1 ) ePatrol Scanning Service permits 
remote and automatic assessment of perimeter systems via the Web in order 
to inventory files and test security measures that protect against hackers, 
crackers, and angry employees. ePatrol Scanning Service is encased in a 
system with multiple components, including a Web-based front-end and a 
scheduling and database function. The user can then control multiple 
instances of the scanner system running on machines so a service can be 
provided to customers. All tasks are set up at the ISS 1 secure network 
operations center , and e-mail is sent to the authorized personnel to 
indicate when the scan will start and when it is finished. A network 
manager can link to the secure Web site to view reports generated from the 
scan and can consult with an ISS expert to determine what measures, if any, 
should be taken. ISS has recently acquired Netrex Secure Solutions and NJH 
Security Consulting, which provide the services that make ePatrol possible. 
Netrex moved ISS into the e-services market with managed security 
services , including remote firewall management, remote virtual private 
network (VPN) management, authentication, and buyer scanning. Many larger 
companies are using such outsourced services since their own security 
staff does not have the resources to deploy, monitor, and maintain the 
tools and functions required. 
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Network Associates' Gauntlet Internet Firewall 5.0, Checkpoint Software 
Technologies' Checkpoint Firewall-1 4.0, AXENT Technologies' NetProwler 
3.0, and Internet Security Systems 1 RealSecure 3.1 and Internet 
Security Scanner are among reviewed firewalls, intrusion detection 
applications, outsourcing services, and vulnerability scanners. Although 
companies 1 Internet infrastructure has to be protected from unauthorized 
access, it must also be open, to allow e-business partners and online 
consumers access to certain information. Firewalls are border guards, while 
intrusion detection systems identify possible attacks and attackers. 
Vulnerability scanners find security holes in other security products. 
Firewall-1 4.0, a firewall, is an editors' choice, as are NetProwler 3.0 
and Intruder Alert 3.0, which together provide an intrusion detection 
system. Firewall-1 has the best combination of functions and ease of use, 
with a streamlined and uncluttered firewall management interface. 
NetProwler 3.0 and Intruder Alert 3.0 for host- and network-enabled 
intrusion detection have many powerful tools that protect companies. 
Cross-platform support allows implementation over heterogeneous, connected 
networks; the two products profile OSs to avoid wasting resources looking 
for nonspecific attacks. WebTrends Security Analyzer 2.1 is a vulnerability 
scanner with high quality, powerful reporting and an easily navigated 
interface designed for scanning Web servers. Testers could obtain 
suggestions on how to fix problems just by clicking the Fixes tab. 

REVISION DATE: 20030327 


4/7/23 

DIALOG (R) File 256 : SoftBase : Reviews, Companies & Prods . 
(c)2003 Info. Sources Inc. All rts. reserv. 

00108039 DOCUMENT TYPE: Review 

PRODUCT NAMES: SessionWall-3 2.1 (660701); RealSecure 2.0 Windows NT 
(665703) ; Internet Emergency Response Services (IERS) (699276) ; Network 
Flight Recorder (684601) 

TITLE: Digital sentries 

AUTHOR: McClure, Stuart Scambray, Joel 

SOURCE: InfoWorld, v20 nl8 pi (8) May 4, 1998 

ISSN: 0199-6649 

HOMEPAGE : ht tp : / /www . inf oworld . com 

RECORD TYPE: Review 

REVIEW TYPE: Product Comparison 

GRADE: Product Comparison, No Rating 

AbirNet's SessionWall-3 2.1, Internet Security Systems * (ISS') 
RealSecure 2.0 for Windows NT, Wheel Group's NetRanger, IBM's Internet 
Emergency Response Services (IERS), and Network Flight Recorder's namesake 
product are products that are part of compared digital sentry systems. The 
tools are real-time intrusion detection systems that augment firewalls and 
auditing tools to safeguard networks. The success of such systems depends 
upon the consistent observation of and adherence to well-designed security 
policies. IBM's, ISS 1 , and Network Flight Recorder's systems are all rated 
good, while AbirNet's system is rated average, since it has no intrusion 
detection reports, missed seven of 25 attacks in the test suite, and has 
some traffic-monitoring glitches. IBM's outsourced solution is called the 
Internet Emergency Response Services, and uses NetRanger. ISS' solution is 
a shrink-wrapped package that reduces time required to learn the program 


for aspiring network security managers. ISS is an experienced vendor of 
intrusion-detection tools, and its expertise is evident in its streamlined, 
precise attack description, with distributed management over a 128-bit 
secured channel. Strong reporting and alerting tools are also provided. 
However, some promised features were missing, including that ability to 
create custom attack signatures. Network Flight Recorder had flawless 
recognition during testing, and reports are comprehensive and powerful. 
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